Cache Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through...
8.3CVSS
7AI Score
0.0004EPSS
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through...
8.2CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through...
6.5CVSS
7AI Score
0.0004EPSS
The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site...
6.1CVSS
6.5AI Score
0.0005EPSS
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as...
8.8CVSS
8.2AI Score
0.001EPSS
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up....
4.3CVSS
6.7AI Score
0.0004EPSS
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
5.4CVSS
5.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...
8.8CVSS
7.5AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through...
7.5CVSS
7.1AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through...
4.3CVSS
7.5AI Score
0.0004EPSS
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated...
7.5CVSS
7.9AI Score
0.03EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to.....
4.3CVSS
4.3AI Score
0.001EPSS
The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF...
8.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3...
8.8CVSS
8.8AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache...
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to.....
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to...
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the...
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers....
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers....
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache...
4.3CVSS
5.2AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change...
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via....
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear...
4.3CVSS
4.5AI Score
0.001EPSS
The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated...
4.3CVSS
4.5AI Score
0.001EPSS
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is...
9.8CVSS
9.4AI Score
0.002EPSS
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this...
7.5CVSS
7.8AI Score
0.001EPSS
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF...
6.5CVSS
6.4AI Score
0.001EPSS
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and...
6.8CVSS
6.8AI Score
0.001EPSS
The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.8AI Score
0.001EPSS
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site...
4.8CVSS
5AI Score
0.001EPSS
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if.....
6.1CVSS
6AI Score
0.001EPSS
The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF...
4.3CVSS
4.5AI Score
0.001EPSS
An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for...
8.1CVSS
8AI Score
0.002EPSS
The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince....
6.1CVSS
5.8AI Score
0.001EPSS
The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...
6.1CVSS
5.8AI Score
0.001EPSS
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting...
4.8CVSS
4.7AI Score
0.001EPSS
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of...
7.2CVSS
6.9AI Score
0.003EPSS
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting...
5.4CVSS
5.2AI Score
0.001EPSS
Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified...
6.5CVSS
6.3AI Score
0.003EPSS
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited,...
7.2CVSS
7AI Score
0.001EPSS
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is...
7.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.971EPSS
6.1CVSS
6.2AI Score
0.002EPSS
8.8CVSS
8.9AI Score
0.04EPSS
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for...
8.8CVSS
8.8AI Score
0.018EPSS